pgadmin4/pkg/redhat
Dave Page c32ff3a7ee Expect the yum repo metadata to be GPG signed. 2021-05-06 15:27:22 +01:00
..
PGADMIN_PKG_KEY Add the public key for our packages for the RPM build. 2020-05-18 15:43:17 +01:00
README.md Convert READMEs to lightly formatted markdown, so they display nicely on Github etc. 2021-02-05 16:18:50 +00:00
build.sh Make the error messages on exit show something useful. 2021-05-04 14:12:13 +01:00
pgadmin4-python-mod_wsgi.spec Add support for building RPMs on CentOS/RHEL 7 2020-03-19 12:56:39 -04:00
pgadmin4-python3-mod_wsgi-exports.patch Add support for building RPMs on CentOS/RHEL 7 2020-03-19 12:56:39 -04:00
pgadmin4-python3-mod_wsgi.conf Add support for building RPMs on CentOS/RHEL 7 2020-03-19 12:56:39 -04:00
pgadmin4.conf Add support for building RHEL/CentOS 8 RPMs. 2020-03-18 08:51:11 -04:00
repo-rpm.sh Expect the yum repo metadata to be GPG signed. 2021-05-06 15:27:22 +01:00
setup.sh Implemented runtime using NWjs to open pgAdmin4 in a standalone window 2021-01-29 13:38:27 +05:30

README.md

pgAdmin Redhat Builds

This directory contains the build runner script for creating .RPM packages for Redhat distributions.

Supported platforms

  • Fedora 30, 31 & 32
  • RHEL/CentOS 7 & 8

Build configuration

To build RPM packages, first run the setup.sh script as root to install the required pre-requisites, e.g.

# pkg/redhat/setup.sh

Building packages

To build a set of packages, from the top-level source directory run:

$ make redhat

or

$ pkg/redhat/build.sh

Four (or five) .rpm packages will be created in the dist/ directory:

pgadmin4-._noarch.rpm

A convenience package that depends on all the others.

pgadmin4-server-...rpm

The core server, e.g. the Python and JS code and the online documentation.

pgadmin4-desktop-...rpm

The desktop runtime. Requires the server package.

pgadmin4-web-...rpm

The server mode setup script for configuring Apache HTTPD. Requires the server package.

pgadmin4-python3-mod_wsgi-4.7.1-2.el7..rpm

The Python 3 build of mod_wsgi for the Apache HTTPD server. Only built on RHEL/CentOS 7.

Signing Packages

It is good practice to sign RPMs to prove their provenance. The build scripts included in this directory do NOT do that; doing so is done using a Jenkins task in the pgAdmin buildfarm.

If you want to sign your own RPMs, you'll first need to ensure that the gnupg2 and rpmsign tools are available on your system.

Then, create a .rpmmacros file in the home directory of the user account that will be doing the signing. On Fedora 30 and later, and RHEL/CentOS 8 and later, that should contain the following contents (without the start/end markers). Replace with the email address in your key:

%_signature gpg
%_gpg_path ~/.gnupg
%_gpg_name <your signing key>
%_gpgbin /usr/bin/gpg2
%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}

On RHEL/CentOS 7, the .rpmmacros file should look like this:

%_signature gpg
%_gpg_path ~/.gnupg
%_gpg_name Package Manager
%_gpgbin /usr/bin/gpg2
%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__
signature_filename} --digest-algo sha256 %{__plaintext_filename}

Note that these configurations are designed for automated signing in a CI/CD system. You may need to adjust them to handle passphrases on keys in your own environment.

You also need to import your signing private key into the gnupg2 keystore, for example:

gpg --import signing_key.priv

Once everything is setup, RPMs can be signed easily; for example:

rpmsign --addsign dist/*.rpm

Building a repo

A Yum repo can be created by building RPMs for the required platforms, moving them into the required directory structure, and then running the createrepo tool over that directory. The pgAdmin repos use the following structure:

<root>
  redhat/
    rhel-7-x86_64/
      pgadmin4-4.21-1.el7.noarch.rpm
      pgadmin4-desktop-4.21-1.el7.x86_64.rpm
      pgadmin4-python3-mod_wsgi-4.7.1-2.el7.x86_64.rpm
      pgadmin4-server-4.21-1.el7.x86_64.rpm
      pgadmin4-web-4.21-1.el7.noarch.rpm
    rhel-8-x86_64/
      <...>
  fedora/
    <...>
  pgadmin4-fedora-repo-1-1.noarch.rpm
  pgadmin4-redhat-repo-1-1.noarch.rpm
  README

Note that only the first branches are shown above; other branches (e.g. for Fedora and RHEL 8 follow the structure shown for RHEL 7.

Technically there are multiple different repos, one for each platform and architecture. The metadata can be created for each as follows:

/usr/bin/createrepo <root>/redhat/rhel-7-x86_64
/usr/bin/createrepo <root>/redhat/rhel-8-x86_64
...

Repository RPMs

A script is provided for the creation of repo RPMs. It will create RPMs that install the required Yum configuration file and the public signing key for pgAdmin (you may want to replace the contents of PGADMIN_PKG_KEY with your own public key):

./repo-rpms.sh

Set the PGADMIN_REPO_DIR environment variable to define the repository root from the client's perspective. Given the example above, you might do:

PGADMIN_REPO_DIR=https://yum.company.com/repos/<root> ./repo-rpms.sh